authorjsing <>2014-06-01 01:46:13 +0000
committerjsing <>2014-06-01 01:46:13 +0000
commite951e06dd09f76940d341867de95774f4e9814b7 (patch)
tree950ece95dd7ce140dfccef9f8b08090139a1d26d /src/lib
parenta9478c5fe632c07fa8cacb9aec36bd254df2af8b (diff)
Use C99 initialisers for cipher_aliases. This improves readability,
removes the need for zero values to be specified (meaning that we usually specify two fields instead of 12), makes the field names grepable and protects from future field reordering/removal. ok beck@ miod@
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/libssl/src/ssl/ssl_ciph.c424
-rw-r--r--src/lib/libssl/ssl_ciph.c424
2 files changed, 664 insertions, 184 deletions
diff --git a/src/lib/libssl/src/ssl/ssl_ciph.c b/src/lib/libssl/src/ssl/ssl_ciph.c
index 456a7536b7..b3bcc66f66 100644
--- a/src/lib/libssl/src/ssl/ssl_ciph.c
+++ b/src/lib/libssl/src/ssl/ssl_ciph.c
@@ -223,109 +223,349 @@ typedef struct cipher_order_st {
223} CIPHER_ORDER; 223} CIPHER_ORDER;
224 224
225static const SSL_CIPHER cipher_aliases[] = { 225static const SSL_CIPHER cipher_aliases[] = {
226 /* "ALL" doesn't include eNULL (must be specifically enabled) */
227 {0, SSL_TXT_ALL, 0, 0, 0,~SSL_eNULL, 0, 0, 0, 0, 0, 0},
228 /* "COMPLEMENTOFALL" */
229 {0, SSL_TXT_CMPALL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0},
230
231 /* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in ALL!) */
232 {0, SSL_TXT_CMPDEF, 0, SSL_kEDH|SSL_kEECDH, SSL_aNULL,~SSL_eNULL, 0, 0, 0, 0, 0, 0},
233
234 /* key exchange aliases
235 * (some of those using only a single bit here combine
236 * multiple key exchange algs according to the RFCs,
237 * e.g. kEDH combines DHE_DSS and DHE_RSA) */
238 {0, SSL_TXT_kRSA, 0, SSL_kRSA, 0, 0, 0, 0, 0, 0, 0, 0},
239
240 {0,SSL_TXT_kDHr,0, SSL_kDHr, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
241 {0,SSL_TXT_kDHd,0, SSL_kDHd, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
242 {0,SSL_TXT_kDH,0, SSL_kDHr|SSL_kDHd,0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
243 {0, SSL_TXT_kEDH, 0, SSL_kEDH, 0, 0, 0, 0, 0, 0, 0, 0},
244 {0, SSL_TXT_DH, 0, SSL_kDHr|SSL_kDHd|SSL_kEDH, 0, 0, 0, 0, 0, 0, 0, 0},
245
246 {0, SSL_TXT_kKRB5, 0, SSL_kKRB5, 0, 0, 0, 0, 0, 0, 0, 0},
247 226
248 {0, SSL_TXT_kECDHr, 0, SSL_kECDHr, 0, 0, 0, 0, 0, 0, 0, 0}, 227 /* "ALL" doesn't include eNULL (must be specifically enabled) */
249 {0, SSL_TXT_kECDHe, 0, SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0}, 228 {
250 {0, SSL_TXT_kECDH, 0, SSL_kECDHr|SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0}, 229 .name = SSL_TXT_ALL,
251 {0, SSL_TXT_kEECDH, 0, SSL_kEECDH, 0, 0, 0, 0, 0, 0, 0, 0}, 230 .algorithm_enc = ~SSL_eNULL,
252 {0, SSL_TXT_ECDH, 0, SSL_kECDHr|SSL_kECDHe|SSL_kEECDH, 0, 0, 0, 0, 0, 0, 0, 0}, 231 },
253
254 {0, SSL_TXT_kPSK, 0, SSL_kPSK, 0, 0, 0, 0, 0, 0, 0, 0},
255 {0, SSL_TXT_kSRP, 0, SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0},
256 {0, SSL_TXT_kGOST, 0, SSL_kGOST, 0, 0, 0, 0, 0, 0, 0, 0},
257 232
233 /* "COMPLEMENTOFALL" */
234 {
235 .name = SSL_TXT_CMPALL,
236 .algorithm_enc = SSL_eNULL,
237 },
238
239 /*
240 * "COMPLEMENTOFDEFAULT"
241 * (does *not* include ciphersuites not found in ALL!)
242 */
243 {
244 .name = SSL_TXT_CMPDEF,
245 .algorithm_mkey = SSL_kEDH|SSL_kEECDH,
246 .algorithm_auth = SSL_aNULL,
247 .algorithm_enc = ~SSL_eNULL,
248 },
249
250 /*
251 * key exchange aliases
252 * (some of those using only a single bit here combine multiple key
253 * exchange algs according to the RFCs, e.g. kEDH combines DHE_DSS
254 * and DHE_RSA)
255 */
256 {
257 .name = SSL_TXT_kRSA,
258 .algorithm_mkey = SSL_kRSA,
259 },
260 {
261 /* no such ciphersuites supported! */
262 .name = SSL_TXT_kDHr,
263 .algorithm_mkey = SSL_kDHr,
264 },
265 {
266 /* no such ciphersuites supported! */
267 .name = SSL_TXT_kDHd,
268 .algorithm_mkey = SSL_kDHd,
269 },
270 {
271 /* no such ciphersuites supported! */
272 .name = SSL_TXT_kDH,
273 .algorithm_mkey = SSL_kDHr|SSL_kDHd,
274 },
275 {
276 .name = SSL_TXT_kEDH,
277 .algorithm_mkey = SSL_kEDH,
278 },
279 {
280 .name = SSL_TXT_DH,
281 .algorithm_mkey = SSL_kDHr|SSL_kDHd|SSL_kEDH,
282 },
283
284 {
285 .name = SSL_TXT_kKRB5,
286 .algorithm_mkey = SSL_kKRB5,
287 },
288
289 {
290 .name = SSL_TXT_kECDHr,
291 .algorithm_mkey = SSL_kECDHr,
292 },
293 {
294 .name = SSL_TXT_kECDHe,
295 .algorithm_mkey = SSL_kECDHe,
296 },
297 {
298 .name = SSL_TXT_kECDH,
299 .algorithm_mkey = SSL_kECDHr|SSL_kECDHe,
300 },
301 {
302 .name = SSL_TXT_kEECDH,
303 .algorithm_mkey = SSL_kEECDH,
304 },
305 {
306 .name = SSL_TXT_ECDH,
307 .algorithm_mkey = SSL_kECDHr|SSL_kECDHe|SSL_kEECDH,
308 },
309
310 {
311 .name = SSL_TXT_kPSK,
312 .algorithm_mkey = SSL_kPSK,
313 },
314 {
315 .name = SSL_TXT_kSRP,
316 .algorithm_mkey = SSL_kSRP,
317 },
318 {
319 .name = SSL_TXT_kGOST,
320 .algorithm_mkey = SSL_kGOST,
321 },
322
258 /* server authentication aliases */ 323 /* server authentication aliases */
259 {0, SSL_TXT_aRSA, 0, 0, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0}, 324 {
260 {0, SSL_TXT_aDSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0}, 325 .name = SSL_TXT_aRSA,
261 {0, SSL_TXT_DSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0}, 326 .algorithm_auth = SSL_aRSA,
262 {0, SSL_TXT_aKRB5, 0, 0, SSL_aKRB5, 0, 0, 0, 0, 0, 0, 0}, 327 },
263 {0, SSL_TXT_aNULL, 0, 0, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, 328 {
264 {0,SSL_TXT_aDH,0, 0,SSL_aDH, 0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ 329 .name = SSL_TXT_aDSS,
265 {0, SSL_TXT_aECDH, 0, 0, SSL_aECDH, 0, 0, 0, 0, 0, 0, 0}, 330 .algorithm_auth = SSL_aDSS,
266 {0, SSL_TXT_aECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0}, 331 },
267 {0, SSL_TXT_ECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0}, 332 {
268 {0, SSL_TXT_aPSK, 0, 0, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0}, 333 .name = SSL_TXT_DSS,
269 {0, SSL_TXT_aGOST94, 0, 0, SSL_aGOST94, 0, 0, 0, 0, 0, 0, 0}, 334 .algorithm_auth = SSL_aDSS,
270 {0, SSL_TXT_aGOST01, 0, 0, SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0}, 335 },
271 {0, SSL_TXT_aGOST, 0, 0, SSL_aGOST94|SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0}, 336 {
272 337 .name = SSL_TXT_aKRB5,
338 .algorithm_auth = SSL_aKRB5,
339 },
340 {
341 .name = SSL_TXT_aNULL,
342 .algorithm_auth = SSL_aNULL,
343 },
344 {
345 /* no such ciphersuites supported! */
346 .name = SSL_TXT_aDH,
347 .algorithm_auth = SSL_aDH,
348 },
349 {
350 .name = SSL_TXT_aECDH,
351 .algorithm_auth = SSL_aECDH,
352 },
353 {
354 .name = SSL_TXT_aECDSA,
355 .algorithm_auth = SSL_aECDSA,
356 },
357 {
358 .name = SSL_TXT_ECDSA,
359 .algorithm_auth = SSL_aECDSA,
360 },
361 {
362 .name = SSL_TXT_aPSK,
363 .algorithm_auth = SSL_aPSK,
364 },
365 {
366 .name = SSL_TXT_aGOST94,
367 .algorithm_auth = SSL_aGOST94,
368 },
369 {
370 .name = SSL_TXT_aGOST01,
371 .algorithm_auth = SSL_aGOST01,
372 },
373 {
374 .name = SSL_TXT_aGOST,
375 .algorithm_auth = SSL_aGOST94|SSL_aGOST01,
376 },
377
273 /* aliases combining key exchange and server authentication */ 378 /* aliases combining key exchange and server authentication */
274 {0, SSL_TXT_EDH, 0, SSL_kEDH,~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, 379 {
275 {0, SSL_TXT_EECDH, 0, SSL_kEECDH,~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, 380 .name = SSL_TXT_EDH,
276 {0, SSL_TXT_NULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0}, 381 .algorithm_mkey = SSL_kEDH,
277 {0, SSL_TXT_KRB5, 0, SSL_kKRB5, SSL_aKRB5, 0, 0, 0, 0, 0, 0, 0}, 382 .algorithm_auth = ~SSL_aNULL,
278 {0, SSL_TXT_RSA, 0, SSL_kRSA, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0}, 383 },
279 {0, SSL_TXT_ADH, 0, SSL_kEDH, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, 384 {
280 {0, SSL_TXT_AECDH, 0, SSL_kEECDH, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, 385 .name = SSL_TXT_EECDH,
281 {0, SSL_TXT_PSK, 0, SSL_kPSK, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0}, 386 .algorithm_mkey = SSL_kEECDH,
282 {0, SSL_TXT_SRP, 0, SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0}, 387 .algorithm_auth = ~SSL_aNULL,
283 388 },
284 389 {
390 .name = SSL_TXT_NULL,
391 .algorithm_enc = SSL_eNULL,
392 },
393 {
394 .name = SSL_TXT_KRB5,
395 .algorithm_mkey = SSL_kKRB5,
396 .algorithm_auth = SSL_aKRB5,
397 },
398 {
399 .name = SSL_TXT_RSA,
400 .algorithm_mkey = SSL_kRSA,
401 .algorithm_auth = SSL_aRSA,
402 },
403 {
404 .name = SSL_TXT_ADH,
405 .algorithm_mkey = SSL_kEDH,
406 .algorithm_auth = SSL_aNULL,
407 },
408 {
409 .name = SSL_TXT_AECDH,
410 .algorithm_mkey = SSL_kEECDH,
411 .algorithm_auth = SSL_aNULL,
412 },
413 {
414 .name = SSL_TXT_PSK,
415 .algorithm_mkey = SSL_kPSK,
416 .algorithm_auth = SSL_aPSK,
417 },
418 {
419 .name = SSL_TXT_SRP,
420 .algorithm_mkey = SSL_kSRP,
421 },
422
285 /* symmetric encryption aliases */ 423 /* symmetric encryption aliases */
286 {0, SSL_TXT_DES, 0, 0, 0, SSL_DES, 0, 0, 0, 0, 0, 0}, 424 {
287 {0, SSL_TXT_3DES, 0, 0, 0, SSL_3DES, 0, 0, 0, 0, 0, 0}, 425 .name = SSL_TXT_DES,
288 {0, SSL_TXT_RC4, 0, 0, 0, SSL_RC4, 0, 0, 0, 0, 0, 0}, 426 .algorithm_enc = SSL_DES,
289 {0, SSL_TXT_RC2, 0, 0, 0, SSL_RC2, 0, 0, 0, 0, 0, 0}, 427 },
290 {0, SSL_TXT_IDEA, 0, 0, 0, SSL_IDEA, 0, 0, 0, 0, 0, 0}, 428 {
291 {0, SSL_TXT_SEED, 0, 0, 0, SSL_SEED, 0, 0, 0, 0, 0, 0}, 429 .name = SSL_TXT_3DES,
292 {0, SSL_TXT_eNULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0}, 430 .algorithm_enc = SSL_3DES,
293 {0, SSL_TXT_AES128, 0, 0, 0, SSL_AES128|SSL_AES128GCM, 0, 0, 0, 0, 0, 0}, 431 },
294 {0, SSL_TXT_AES256, 0, 0, 0, SSL_AES256|SSL_AES256GCM, 0, 0, 0, 0, 0, 0}, 432 {
295 {0, SSL_TXT_AES, 0, 0, 0, SSL_AES, 0, 0, 0, 0, 0, 0}, 433 .name = SSL_TXT_RC4,
296 {0, SSL_TXT_AES_GCM, 0, 0, 0, SSL_AES128GCM|SSL_AES256GCM, 0, 0, 0, 0, 0, 0}, 434 .algorithm_enc = SSL_RC4,
297 {0, SSL_TXT_CAMELLIA128, 0, 0, 0, SSL_CAMELLIA128, 0, 0, 0, 0, 0, 0}, 435 },
298 {0, SSL_TXT_CAMELLIA256, 0, 0, 0, SSL_CAMELLIA256, 0, 0, 0, 0, 0, 0}, 436 {
299 {0, SSL_TXT_CAMELLIA , 0, 0, 0, SSL_CAMELLIA128|SSL_CAMELLIA256, 0, 0, 0, 0, 0, 0}, 437 .name = SSL_TXT_RC2,
300 438 .algorithm_enc = SSL_RC2,
439 },
440 {
441 .name = SSL_TXT_IDEA,
442 .algorithm_enc = SSL_IDEA,
443 },
444 {
445 .name = SSL_TXT_SEED,
446 .algorithm_enc = SSL_SEED,
447 },
448 {
449 .name = SSL_TXT_eNULL,
450 .algorithm_enc = SSL_eNULL,
451 },
452 {
453 .name = SSL_TXT_AES128,
454 .algorithm_enc = SSL_AES128|SSL_AES128GCM,
455 },
456 {
457 .name = SSL_TXT_AES256,
458 .algorithm_enc = SSL_AES256|SSL_AES256GCM,
459 },
460 {
461 .name = SSL_TXT_AES,
462 .algorithm_enc = SSL_AES,
463 },
464 {
465 .name = SSL_TXT_AES_GCM,
466 .algorithm_enc = SSL_AES128GCM|SSL_AES256GCM,
467 },
468 {
469 .name = SSL_TXT_CAMELLIA128,
470 .algorithm_enc = SSL_CAMELLIA128,
471 },
472 {
473 .name = SSL_TXT_CAMELLIA256,
474 .algorithm_enc = SSL_CAMELLIA256,
475 },
476 {
477 .name = SSL_TXT_CAMELLIA,
478 .algorithm_enc = SSL_CAMELLIA128|SSL_CAMELLIA256,
479 },
480
301 /* MAC aliases */ 481 /* MAC aliases */
302 {0, SSL_TXT_MD5, 0, 0, 0, 0, SSL_MD5, 0, 0, 0, 0, 0}, 482 {
303 {0, SSL_TXT_SHA1, 0, 0, 0, 0, SSL_SHA1, 0, 0, 0, 0, 0}, 483 .name = SSL_TXT_MD5,
304 {0, SSL_TXT_SHA, 0, 0, 0, 0, SSL_SHA1, 0, 0, 0, 0, 0}, 484 .algorithm_mac = SSL_MD5,
305 {0, SSL_TXT_GOST94, 0, 0, 0, 0, SSL_GOST94, 0, 0, 0, 0, 0}, 485 },
306 {0, SSL_TXT_GOST89MAC, 0, 0, 0, 0, SSL_GOST89MAC, 0, 0, 0, 0, 0}, 486 {
307 {0, SSL_TXT_SHA256, 0, 0, 0, 0, SSL_SHA256, 0, 0, 0, 0, 0}, 487 .name = SSL_TXT_SHA1,
308 {0, SSL_TXT_SHA384, 0, 0, 0, 0, SSL_SHA384, 0, 0, 0, 0, 0}, 488 .algorithm_mac = SSL_SHA1,
309 489 },
490 {
491 .name = SSL_TXT_SHA,
492 .algorithm_mac = SSL_SHA1,
493 },
494 {
495 .name = SSL_TXT_GOST94,
496 .algorithm_mac = SSL_GOST94,
497 },
498 {
499 .name = SSL_TXT_GOST89MAC,
500 .algorithm_mac = SSL_GOST89MAC,
501 },
502 {
503 .name = SSL_TXT_SHA256,
504 .algorithm_mac = SSL_SHA256,
505 },
506 {
507 .name = SSL_TXT_SHA384,
508 .algorithm_mac = SSL_SHA384,
509 },
510
310 /* protocol version aliases */ 511 /* protocol version aliases */
311 {0, SSL_TXT_SSLV2, 0, 0, 0, 0, 0, SSL_SSLV2, 0, 0, 0, 0}, 512 {
312 {0, SSL_TXT_SSLV3, 0, 0, 0, 0, 0, SSL_SSLV3, 0, 0, 0, 0}, 513 .name = SSL_TXT_SSLV2,
313 {0, SSL_TXT_TLSV1, 0, 0, 0, 0, 0, SSL_TLSV1, 0, 0, 0, 0}, 514 .algorithm_ssl = SSL_SSLV2,
314 {0, SSL_TXT_TLSV1_2, 0, 0, 0, 0, 0, SSL_TLSV1_2, 0, 0, 0, 0}, 515 },
315 516 {
517 .name = SSL_TXT_SSLV3,
518 .algorithm_ssl = SSL_SSLV3,
519 },
520 {
521 .name = SSL_TXT_TLSV1,
522 .algorithm_ssl = SSL_TLSV1,
523 },
524 {
525 .name = SSL_TXT_TLSV1_2,
526 .algorithm_ssl = SSL_TLSV1_2,
527 },
528
316 /* export flag */ 529 /* export flag */
317 {0, SSL_TXT_EXP, 0, 0, 0, 0, 0, 0, SSL_EXPORT, 0, 0, 0}, 530 {
318 {0, SSL_TXT_EXPORT, 0, 0, 0, 0, 0, 0, SSL_EXPORT, 0, 0, 0}, 531 .name = SSL_TXT_EXP,
319 532 .algo_strength = SSL_EXPORT,
533 },
534 {
535 .name = SSL_TXT_EXPORT,
536 .algo_strength = SSL_EXPORT,
537 },
538
320 /* strength classes */ 539 /* strength classes */
321 {0, SSL_TXT_EXP40, 0, 0, 0, 0, 0, 0, SSL_EXP40, 0, 0, 0}, 540 {
322 {0, SSL_TXT_EXP56, 0, 0, 0, 0, 0, 0, SSL_EXP56, 0, 0, 0}, 541 .name = SSL_TXT_EXP40,
323 {0, SSL_TXT_LOW, 0, 0, 0, 0, 0, 0, SSL_LOW, 0, 0, 0}, 542 .algo_strength = SSL_EXP40,
324 {0, SSL_TXT_MEDIUM, 0, 0, 0, 0, 0, 0, SSL_MEDIUM, 0, 0, 0}, 543 },
325 {0, SSL_TXT_HIGH, 0, 0, 0, 0, 0, 0, SSL_HIGH, 0, 0, 0}, 544 {
545 .name = SSL_TXT_EXP56,
546 .algo_strength = SSL_EXP56,
547 },
548 {
549 .name = SSL_TXT_LOW,
550 .algo_strength = SSL_LOW,
551 },
552 {
553 .name = SSL_TXT_MEDIUM,
554 .algo_strength = SSL_MEDIUM,
555 },
556 {
557 .name = SSL_TXT_HIGH,
558 .algo_strength = SSL_HIGH,
559 },
560
326 /* FIPS 140-2 approved ciphersuite */ 561 /* FIPS 140-2 approved ciphersuite */
327 {0, SSL_TXT_FIPS, 0, 0, 0,~SSL_eNULL, 0, 0, SSL_FIPS, 0, 0, 0}, 562 {
563 .name = SSL_TXT_FIPS,
564 .algorithm_enc = ~SSL_eNULL,
565 .algo_strength = SSL_FIPS,
566 },
328}; 567};
568
329/* Search for public key algorithm with given name and 569/* Search for public key algorithm with given name and
330 * return its pkey_id if it is available. Otherwise return 0 570 * return its pkey_id if it is available. Otherwise return 0
331 */ 571 */
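Review bot: The rewritten `cipher_aliases` entries (new lines 228-566) name only one to three members each, so the table now relies on every omitted member being zero-initialised, and nothing in the hunk records that. A comment above the first entry would make this explicit, for example `/* Members not named in an entry are zero-initialised. */`. What a zero mask means to the alias lookup should be added to that comment once confirmed against the matching code, which is outside this hunk. This table decides what `SSL_TXT_ALL`, `SSL_TXT_aNULL` and `SSL_TXT_EXPORT` select, so the conversion is safer verified by comparing the compiled table before and after than by reading 100-odd entries. The same applies to the identical change in src/lib/libssl/ssl_ciph.c.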
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index 456a7536b7..b3bcc66f66 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -223,109 +223,349 @@ typedef struct cipher_order_st {
223} CIPHER_ORDER; 223} CIPHER_ORDER;
224 224
225static const SSL_CIPHER cipher_aliases[] = { 225static const SSL_CIPHER cipher_aliases[] = {
226 /* "ALL" doesn't include eNULL (must be specifically enabled) */
227 {0, SSL_TXT_ALL, 0, 0, 0,~SSL_eNULL, 0, 0, 0, 0, 0, 0},
228 /* "COMPLEMENTOFALL" */
229 {0, SSL_TXT_CMPALL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0},
230
231 /* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in ALL!) */
232 {0, SSL_TXT_CMPDEF, 0, SSL_kEDH|SSL_kEECDH, SSL_aNULL,~SSL_eNULL, 0, 0, 0, 0, 0, 0},
233
234 /* key exchange aliases
235 * (some of those using only a single bit here combine
236 * multiple key exchange algs according to the RFCs,
237 * e.g. kEDH combines DHE_DSS and DHE_RSA) */
238 {0, SSL_TXT_kRSA, 0, SSL_kRSA, 0, 0, 0, 0, 0, 0, 0, 0},
239
240 {0,SSL_TXT_kDHr,0, SSL_kDHr, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
241 {0,SSL_TXT_kDHd,0, SSL_kDHd, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
242 {0,SSL_TXT_kDH,0, SSL_kDHr|SSL_kDHd,0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
243 {0, SSL_TXT_kEDH, 0, SSL_kEDH, 0, 0, 0, 0, 0, 0, 0, 0},
244 {0, SSL_TXT_DH, 0, SSL_kDHr|SSL_kDHd|SSL_kEDH, 0, 0, 0, 0, 0, 0, 0, 0},
245
246 {0, SSL_TXT_kKRB5, 0, SSL_kKRB5, 0, 0, 0, 0, 0, 0, 0, 0},
247 226
248 {0, SSL_TXT_kECDHr, 0, SSL_kECDHr, 0, 0, 0, 0, 0, 0, 0, 0}, 227 /* "ALL" doesn't include eNULL (must be specifically enabled) */
249 {0, SSL_TXT_kECDHe, 0, SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0}, 228 {
250 {0, SSL_TXT_kECDH, 0, SSL_kECDHr|SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0}, 229 .name = SSL_TXT_ALL,
251 {0, SSL_TXT_kEECDH, 0, SSL_kEECDH, 0, 0, 0, 0, 0, 0, 0, 0}, 230 .algorithm_enc = ~SSL_eNULL,
252 {0, SSL_TXT_ECDH, 0, SSL_kECDHr|SSL_kECDHe|SSL_kEECDH, 0, 0, 0, 0, 0, 0, 0, 0}, 231 },
253
254 {0, SSL_TXT_kPSK, 0, SSL_kPSK, 0, 0, 0, 0, 0, 0, 0, 0},
255 {0, SSL_TXT_kSRP, 0, SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0},
256 {0, SSL_TXT_kGOST, 0, SSL_kGOST, 0, 0, 0, 0, 0, 0, 0, 0},
257 232
233 /* "COMPLEMENTOFALL" */
234 {
235 .name = SSL_TXT_CMPALL,
236 .algorithm_enc = SSL_eNULL,
237 },
238
239 /*
240 * "COMPLEMENTOFDEFAULT"
241 * (does *not* include ciphersuites not found in ALL!)
242 */
243 {
244 .name = SSL_TXT_CMPDEF,
245 .algorithm_mkey = SSL_kEDH|SSL_kEECDH,
246 .algorithm_auth = SSL_aNULL,
247 .algorithm_enc = ~SSL_eNULL,
248 },
249
250 /*
251 * key exchange aliases
252 * (some of those using only a single bit here combine multiple key
253 * exchange algs according to the RFCs, e.g. kEDH combines DHE_DSS
254 * and DHE_RSA)
255 */
256 {
257 .name = SSL_TXT_kRSA,
258 .algorithm_mkey = SSL_kRSA,
259 },
260 {
261 /* no such ciphersuites supported! */
262 .name = SSL_TXT_kDHr,
263 .algorithm_mkey = SSL_kDHr,
264 },
265 {
266 /* no such ciphersuites supported! */
267 .name = SSL_TXT_kDHd,
268 .algorithm_mkey = SSL_kDHd,
269 },
270 {
271 /* no such ciphersuites supported! */
272 .name = SSL_TXT_kDH,
273 .algorithm_mkey = SSL_kDHr|SSL_kDHd,
274 },
275 {
276 .name = SSL_TXT_kEDH,
277 .algorithm_mkey = SSL_kEDH,
278 },
279 {
280 .name = SSL_TXT_DH,
281 .algorithm_mkey = SSL_kDHr|SSL_kDHd|SSL_kEDH,
282 },
283
284 {
285 .name = SSL_TXT_kKRB5,
286 .algorithm_mkey = SSL_kKRB5,
287 },
288
289 {
290 .name = SSL_TXT_kECDHr,
291 .algorithm_mkey = SSL_kECDHr,
292 },
293 {
294 .name = SSL_TXT_kECDHe,
295 .algorithm_mkey = SSL_kECDHe,
296 },
297 {
298 .name = SSL_TXT_kECDH,
299 .algorithm_mkey = SSL_kECDHr|SSL_kECDHe,
300 },
301 {
302 .name = SSL_TXT_kEECDH,
303 .algorithm_mkey = SSL_kEECDH,
304 },
305 {
306 .name = SSL_TXT_ECDH,
307 .algorithm_mkey = SSL_kECDHr|SSL_kECDHe|SSL_kEECDH,
308 },
309
310 {
311 .name = SSL_TXT_kPSK,
312 .algorithm_mkey = SSL_kPSK,
313 },
314 {
315 .name = SSL_TXT_kSRP,
316 .algorithm_mkey = SSL_kSRP,
317 },
318 {
319 .name = SSL_TXT_kGOST,
320 .algorithm_mkey = SSL_kGOST,
321 },
322
258 /* server authentication aliases */ 323 /* server authentication aliases */
259 {0, SSL_TXT_aRSA, 0, 0, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0}, 324 {
260 {0, SSL_TXT_aDSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0}, 325 .name = SSL_TXT_aRSA,
261 {0, SSL_TXT_DSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0}, 326 .algorithm_auth = SSL_aRSA,
262 {0, SSL_TXT_aKRB5, 0, 0, SSL_aKRB5, 0, 0, 0, 0, 0, 0, 0}, 327 },
263 {0, SSL_TXT_aNULL, 0, 0, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, 328 {
264 {0,SSL_TXT_aDH,0, 0,SSL_aDH, 0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ 329 .name = SSL_TXT_aDSS,
265 {0, SSL_TXT_aECDH, 0, 0, SSL_aECDH, 0, 0, 0, 0, 0, 0, 0}, 330 .algorithm_auth = SSL_aDSS,
266 {0, SSL_TXT_aECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0}, 331 },
267 {0, SSL_TXT_ECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0}, 332 {
268 {0, SSL_TXT_aPSK, 0, 0, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0}, 333 .name = SSL_TXT_DSS,
269 {0, SSL_TXT_aGOST94, 0, 0, SSL_aGOST94, 0, 0, 0, 0, 0, 0, 0}, 334 .algorithm_auth = SSL_aDSS,
270 {0, SSL_TXT_aGOST01, 0, 0, SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0}, 335 },
271 {0, SSL_TXT_aGOST, 0, 0, SSL_aGOST94|SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0}, 336 {
272 337 .name = SSL_TXT_aKRB5,
338 .algorithm_auth = SSL_aKRB5,
339 },
340 {
341 .name = SSL_TXT_aNULL,
342 .algorithm_auth = SSL_aNULL,
343 },
344 {
345 /* no such ciphersuites supported! */
346 .name = SSL_TXT_aDH,
347 .algorithm_auth = SSL_aDH,
348 },
349 {
350 .name = SSL_TXT_aECDH,
351 .algorithm_auth = SSL_aECDH,
352 },
353 {
354 .name = SSL_TXT_aECDSA,
355 .algorithm_auth = SSL_aECDSA,
356 },
357 {
358 .name = SSL_TXT_ECDSA,
359 .algorithm_auth = SSL_aECDSA,
360 },
361 {
362 .name = SSL_TXT_aPSK,
363 .algorithm_auth = SSL_aPSK,
364 },
365 {
366 .name = SSL_TXT_aGOST94,
367 .algorithm_auth = SSL_aGOST94,
368 },
369 {
370 .name = SSL_TXT_aGOST01,
371 .algorithm_auth = SSL_aGOST01,
372 },
373 {
374 .name = SSL_TXT_aGOST,
375 .algorithm_auth = SSL_aGOST94|SSL_aGOST01,
376 },
377
273 /* aliases combining key exchange and server authentication */ 378 /* aliases combining key exchange and server authentication */
274 {0, SSL_TXT_EDH, 0, SSL_kEDH,~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, 379 {
275 {0, SSL_TXT_EECDH, 0, SSL_kEECDH,~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, 380 .name = SSL_TXT_EDH,
276 {0, SSL_TXT_NULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0}, 381 .algorithm_mkey = SSL_kEDH,
277 {0, SSL_TXT_KRB5, 0, SSL_kKRB5, SSL_aKRB5, 0, 0, 0, 0, 0, 0, 0}, 382 .algorithm_auth = ~SSL_aNULL,
278 {0, SSL_TXT_RSA, 0, SSL_kRSA, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0}, 383 },
279 {0, SSL_TXT_ADH, 0, SSL_kEDH, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, 384 {
280 {0, SSL_TXT_AECDH, 0, SSL_kEECDH, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, 385 .name = SSL_TXT_EECDH,
281 {0, SSL_TXT_PSK, 0, SSL_kPSK, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0}, 386 .algorithm_mkey = SSL_kEECDH,
282 {0, SSL_TXT_SRP, 0, SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0}, 387 .algorithm_auth = ~SSL_aNULL,
283 388 },
284 389 {
390 .name = SSL_TXT_NULL,
391 .algorithm_enc = SSL_eNULL,
392 },
393 {
394 .name = SSL_TXT_KRB5,
395 .algorithm_mkey = SSL_kKRB5,
396 .algorithm_auth = SSL_aKRB5,
397 },
398 {
399 .name = SSL_TXT_RSA,
400 .algorithm_mkey = SSL_kRSA,
401 .algorithm_auth = SSL_aRSA,
402 },
403 {
404 .name = SSL_TXT_ADH,
405 .algorithm_mkey = SSL_kEDH,
406 .algorithm_auth = SSL_aNULL,
407 },
408 {
409 .name = SSL_TXT_AECDH,
410 .algorithm_mkey = SSL_kEECDH,
411 .algorithm_auth = SSL_aNULL,
412 },
413 {
414 .name = SSL_TXT_PSK,
415 .algorithm_mkey = SSL_kPSK,
416 .algorithm_auth = SSL_aPSK,
417 },
418 {
419 .name = SSL_TXT_SRP,
420 .algorithm_mkey = SSL_kSRP,
421 },
422
285 /* symmetric encryption aliases */ 423 /* symmetric encryption aliases */
286 {0, SSL_TXT_DES, 0, 0, 0, SSL_DES, 0, 0, 0, 0, 0, 0}, 424 {
287 {0, SSL_TXT_3DES, 0, 0, 0, SSL_3DES, 0, 0, 0, 0, 0, 0}, 425 .name = SSL_TXT_DES,
288 {0, SSL_TXT_RC4, 0, 0, 0, SSL_RC4, 0, 0, 0, 0, 0, 0}, 426 .algorithm_enc = SSL_DES,
289 {0, SSL_TXT_RC2, 0, 0, 0, SSL_RC2, 0, 0, 0, 0, 0, 0}, 427 },
290 {0, SSL_TXT_IDEA, 0, 0, 0, SSL_IDEA, 0, 0, 0, 0, 0, 0}, 428 {
291 {0, SSL_TXT_SEED, 0, 0, 0, SSL_SEED, 0, 0, 0, 0, 0, 0}, 429 .name = SSL_TXT_3DES,
292 {0, SSL_TXT_eNULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0}, 430 .algorithm_enc = SSL_3DES,
293 {0, SSL_TXT_AES128, 0, 0, 0, SSL_AES128|SSL_AES128GCM, 0, 0, 0, 0, 0, 0}, 431 },
294 {0, SSL_TXT_AES256, 0, 0, 0, SSL_AES256|SSL_AES256GCM, 0, 0, 0, 0, 0, 0}, 432 {
295 {0, SSL_TXT_AES, 0, 0, 0, SSL_AES, 0, 0, 0, 0, 0, 0}, 433 .name = SSL_TXT_RC4,
296 {0, SSL_TXT_AES_GCM, 0, 0, 0, SSL_AES128GCM|SSL_AES256GCM, 0, 0, 0, 0, 0, 0}, 434 .algorithm_enc = SSL_RC4,
297 {0, SSL_TXT_CAMELLIA128, 0, 0, 0, SSL_CAMELLIA128, 0, 0, 0, 0, 0, 0}, 435 },
298 {0, SSL_TXT_CAMELLIA256, 0, 0, 0, SSL_CAMELLIA256, 0, 0, 0, 0, 0, 0}, 436 {
299 {0, SSL_TXT_CAMELLIA , 0, 0, 0, SSL_CAMELLIA128|SSL_CAMELLIA256, 0, 0, 0, 0, 0, 0}, 437 .name = SSL_TXT_RC2,
300 438 .algorithm_enc = SSL_RC2,
439 },
440 {
441 .name = SSL_TXT_IDEA,
442 .algorithm_enc = SSL_IDEA,
443 },
444 {
445 .name = SSL_TXT_SEED,
446 .algorithm_enc = SSL_SEED,
447 },
448 {
449 .name = SSL_TXT_eNULL,
450 .algorithm_enc = SSL_eNULL,
451 },
452 {
453 .name = SSL_TXT_AES128,
454 .algorithm_enc = SSL_AES128|SSL_AES128GCM,
455 },
456 {
457 .name = SSL_TXT_AES256,
458 .algorithm_enc = SSL_AES256|SSL_AES256GCM,
459 },
460 {
461 .name = SSL_TXT_AES,
462 .algorithm_enc = SSL_AES,
463 },
464 {
465 .name = SSL_TXT_AES_GCM,
466 .algorithm_enc = SSL_AES128GCM|SSL_AES256GCM,
467 },
468 {
469 .name = SSL_TXT_CAMELLIA128,
470 .algorithm_enc = SSL_CAMELLIA128,
471 },
472 {
473 .name = SSL_TXT_CAMELLIA256,
474 .algorithm_enc = SSL_CAMELLIA256,
475 },
476 {
477 .name = SSL_TXT_CAMELLIA,
478 .algorithm_enc = SSL_CAMELLIA128|SSL_CAMELLIA256,
479 },
480
301 /* MAC aliases */ 481 /* MAC aliases */
302 {0, SSL_TXT_MD5, 0, 0, 0, 0, SSL_MD5, 0, 0, 0, 0, 0}, 482 {
303 {0, SSL_TXT_SHA1, 0, 0, 0, 0, SSL_SHA1, 0, 0, 0, 0, 0}, 483 .name = SSL_TXT_MD5,
304 {0, SSL_TXT_SHA, 0, 0, 0, 0, SSL_SHA1, 0, 0, 0, 0, 0}, 484 .algorithm_mac = SSL_MD5,
305 {0, SSL_TXT_GOST94, 0, 0, 0, 0, SSL_GOST94, 0, 0, 0, 0, 0}, 485 },
306 {0, SSL_TXT_GOST89MAC, 0, 0, 0, 0, SSL_GOST89MAC, 0, 0, 0, 0, 0}, 486 {
307 {0, SSL_TXT_SHA256, 0, 0, 0, 0, SSL_SHA256, 0, 0, 0, 0, 0}, 487 .name = SSL_TXT_SHA1,
308 {0, SSL_TXT_SHA384, 0, 0, 0, 0, SSL_SHA384, 0, 0, 0, 0, 0}, 488 .algorithm_mac = SSL_SHA1,
309 489 },
490 {
491 .name = SSL_TXT_SHA,
492 .algorithm_mac = SSL_SHA1,
493 },
494 {
495 .name = SSL_TXT_GOST94,
496 .algorithm_mac = SSL_GOST94,
497 },
498 {
499 .name = SSL_TXT_GOST89MAC,
500 .algorithm_mac = SSL_GOST89MAC,
501 },
502 {
503 .name = SSL_TXT_SHA256,
504 .algorithm_mac = SSL_SHA256,
505 },
506 {
507 .name = SSL_TXT_SHA384,
508 .algorithm_mac = SSL_SHA384,
509 },
510
310 /* protocol version aliases */ 511 /* protocol version aliases */
311 {0, SSL_TXT_SSLV2, 0, 0, 0, 0, 0, SSL_SSLV2, 0, 0, 0, 0}, 512 {
312 {0, SSL_TXT_SSLV3, 0, 0, 0, 0, 0, SSL_SSLV3, 0, 0, 0, 0}, 513 .name = SSL_TXT_SSLV2,
313 {0, SSL_TXT_TLSV1, 0, 0, 0, 0, 0, SSL_TLSV1, 0, 0, 0, 0}, 514 .algorithm_ssl = SSL_SSLV2,
314 {0, SSL_TXT_TLSV1_2, 0, 0, 0, 0, 0, SSL_TLSV1_2, 0, 0, 0, 0}, 515 },
315 516 {
517 .name = SSL_TXT_SSLV3,
518 .algorithm_ssl = SSL_SSLV3,
519 },
520 {
521 .name = SSL_TXT_TLSV1,
522 .algorithm_ssl = SSL_TLSV1,
523 },
524 {
525 .name = SSL_TXT_TLSV1_2,
526 .algorithm_ssl = SSL_TLSV1_2,
527 },
528
316 /* export flag */ 529 /* export flag */
317 {0, SSL_TXT_EXP, 0, 0, 0, 0, 0, 0, SSL_EXPORT, 0, 0, 0}, 530 {
318 {0, SSL_TXT_EXPORT, 0, 0, 0, 0, 0, 0, SSL_EXPORT, 0, 0, 0}, 531 .name = SSL_TXT_EXP,
319 532 .algo_strength = SSL_EXPORT,
533 },
534 {
535 .name = SSL_TXT_EXPORT,
536 .algo_strength = SSL_EXPORT,
537 },
538
320 /* strength classes */ 539 /* strength classes */
321 {0, SSL_TXT_EXP40, 0, 0, 0, 0, 0, 0, SSL_EXP40, 0, 0, 0}, 540 {
322 {0, SSL_TXT_EXP56, 0, 0, 0, 0, 0, 0, SSL_EXP56, 0, 0, 0}, 541 .name = SSL_TXT_EXP40,
323 {0, SSL_TXT_LOW, 0, 0, 0, 0, 0, 0, SSL_LOW, 0, 0, 0}, 542 .algo_strength = SSL_EXP40,
324 {0, SSL_TXT_MEDIUM, 0, 0, 0, 0, 0, 0, SSL_MEDIUM, 0, 0, 0}, 543 },
325 {0, SSL_TXT_HIGH, 0, 0, 0, 0, 0, 0, SSL_HIGH, 0, 0, 0}, 544 {
545 .name = SSL_TXT_EXP56,
546 .algo_strength = SSL_EXP56,
547 },
548 {
549 .name = SSL_TXT_LOW,
550 .algo_strength = SSL_LOW,
551 },
552 {
553 .name = SSL_TXT_MEDIUM,
554 .algo_strength = SSL_MEDIUM,
555 },
556 {
557 .name = SSL_TXT_HIGH,
558 .algo_strength = SSL_HIGH,
559 },
560
326 /* FIPS 140-2 approved ciphersuite */ 561 /* FIPS 140-2 approved ciphersuite */
327 {0, SSL_TXT_FIPS, 0, 0, 0,~SSL_eNULL, 0, 0, SSL_FIPS, 0, 0, 0}, 562 {
563 .name = SSL_TXT_FIPS,
564 .algorithm_enc = ~SSL_eNULL,
565 .algo_strength = SSL_FIPS,
566 },
328}; 567};
568
329/* Search for public key algorithm with given name and 569/* Search for public key algorithm with given name and
330 * return its pkey_id if it is available. Otherwise return 0 570 * return its pkey_id if it is available. Otherwise return 0
331 */ 571 */